Description:
Critical vulnerabilities have been identified in Adobe Flash Player. Successful
exploitation could cause a crash and potentially allow an attacker to take
control of the affected system.

APSB15-15 – Security updates available for Adobe Reader and AcrobatSeverity: Important

Affected Software

Acrobat XI 11.0.11 and earlier
versions

Acrobat X 10.1.14 and earlier
versions

Reader XI 11.0.11 and earlier
versions

Reader X 10.1.14 and earlier
versions

CVE-2014-8450 - Security Bypass
vulnerabilities that could lead to information disclosureCVE-2015-4447 - Security Bypass restrictions
on JavaScript API executionCVE-2015-5086 - Security Bypass restrictions
on JavaScript API executionCVE-2015-5087 - Security Bypass
vulnerabilities that could lead to code executionCVE-2015-5093 - Buffer Overflow / Underflow
vulnerability that could lead to code executionCVE-2015-5094 - Memory Corruption vulnerabilities
that could lead to code executionCVE-2015-5095 - Use After Free vulnerabilities
that could lead to code executionCVE-2015-5097 - Integer Overflow
vulnerabilities that could lead to code executionCVE-2015-5098 - Memory Corruption
vulnerabilities that could lead to code executionCVE-2015-5099 - Use After Free vulnerabilities
that could lead to code executionCVE-2015-5100 - Memory Corruption
vulnerabilities that could lead to code executionCVE-2015-5101 - Memory Corruption vulnerabilities
that could lead to code executionCVE-2015-5102 - Memory Corruption
vulnerabilities that could lead to code executionCVE-2015-5103 - Memory Corruption
vulnerabilities that could lead to code executionCVE-2015-5104 - Memory Corruption
vulnerabilities that could lead to code executionCVE-2015-5111 - Use After Free vulnerabilities
that could lead to code executionCVE-2015-5113 - Use After Free vulnerabilities
that could lead to code execution

Description:
Adobe has released security updates for Adobe Acrobat and Reader for Windows
and Macintosh. These updates address critical vulnerabilities that could
potentially allow an attacker to take control of the affected system.

Adobe Flash Player Desktop
Runtime 18.0.0.194 and earlier versions for Windows and Macintosh

Adobe Flash Player Extended
Support Release 13.0.0.296 and earlier versions for Windows and
Macintosh

Adobe Flash Player for Google
Chrome 18.0.0.194 and earlier versions for Windows, Macintosh and Linux

Adobe Flash Player 11.2.202.468
and earlier versions for Linux

AIR Desktop Runtime 18.0.0.144
and earlier versions for Windows and Macintosh

AIR SDK 18.0.0.144 and earlier
versions for Windows, Macintosh, Android and iOS

CVE-2014-0578 - Same origin policy bypass that
can lead to cross-site information disclosuresCVE-2015-3118 - Use after free vulnerability
when setting TextField.filtersCVE-2015-3119 - Type Confusion vulnerability
in NetConnection with __proto__CVE-2015-3121 - The data member of the
SharedObject has Type Confusion vulnerabilityCVE-2015-3127 - Use after free vulnerability
in Flash when a SharedObject is used as part of the ArrayCVE-2015-3128 - Use after free vulnerability
in Flash when a text field that was added to a movie clip is deleted by an
implementation of valueOf() or toString() in a custom object.CVE-2015-5119 - Use-after-free in the
ByteArray assignation operator

Description:
Adobe has released security updates for Adobe Flash Player for Windows,
Macintosh and Linux. These updates address vulnerabilities that could
potentially allow an attacker to take control of the affected system.

Description:
Remote code execution vulnerabilities exist when Internet Explorer improperly
accesses objects in memory. These vulnerabilities could corrupt memory in such
a way that an attacker could execute arbitrary code in the context of the
current user.

Description:
This security update resolves a vulnerability in the VBScript scripting engine
in Microsoft Windows. The vulnerability could allow remote code execution if a
user visits a specially crafted website. An attacker who successfully exploited
this vulnerability could gain the same user rights as the current user.

Description:
This security update resolves vulnerabilities in Microsoft Windows. The
vulnerabilities could allow Remote Code Execution if an attacker first places a
specially crafted dynamic link library (DLL) file in the target user’s current
working directory and then convinces the user to open an RTF file or to launch
a program that is designed to load a trusted DLL file but instead loads the
attacker’s specially crafted DLL file.

Description:
Remote code execution vulnerabilities exist in Microsoft Office software when
the Office software fails to properly handle objects in memory. Exploitation of
these vulnerabilities requires that a user open a specially crafted file with
an affected version of Microsoft Office software. In an email attack scenario
an attacker could exploit the vulnerabilities by sending the specially crafted
file to the user and convincing the user to open the file. In a web-based
attack scenario an attacker could host a website (or leverage a compromised
website that accepts or hosts user-provided content) that contains a specially
crafted file that is designed to exploit the vulnerabilities.

MS15-073 – Vulnerability in Windows Kernel-Mode Driver Could Allow
Elevation of PrivilegeSeverity: Important

Description:
An elevation of privilege vulnerability exists due to the way the Windows
kernel-mode driver handles objects in memory. An attacker who successfully
exploited this vulnerability could run arbitrary code in kernel mode. An
attacker could then install programs; view, change, or delete data; or create
new accounts with full user rights. To exploit this vulnerability, an attacker
would first have to log on to the system. An attacker could then run a specially
crafted application that could exploit the vulnerability and take complete
control over an affected system.

MS15-075 – Vulnerabilities in OLE Could Allow Elevation of
PrivilegeSeverity: Important

Description:
This security update resolves vulnerabilities in Microsoft Windows. The
vulnerabilities could allow elevation of privilege if used in conjunction with
another vulnerability that allows arbitrary code to be run.

Description:
This security update resolves a vulnerability in Microsoft Windows. The
vulnerability, which exists in Windows Remote Procedure Call (RPC) authentication,
could allow elevation of privilege if an attacker logs on to an affected system
and runs a specially crafted application. An attacker who successfully
exploited this vulnerability could take complete control of the affected
system.

MS15-077 – Vulnerability in ATM Font Driver Could Allow Elevation
of PrivilegeSeverity: Important

Description:
An elevation of privilege vulnerability exists in Adobe Type Manager Font
Driver (ATMFD) when it fails to properly handle objects in memory. An attacker
who successfully exploited this vulnerability could execute arbitrary code and
take complete control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full user
rights.

Adobe Flash Player Desktop
Runtime 18.0.0.194 and earlier versions for Windows and Macintosh

Adobe Flash Player Extended
Support Release 13.0.0.296 and earlier versions for Windows and
Macintosh

Adobe Flash Player for Google
Chrome 18.0.0.194 and earlier versions for Windows, Macintosh and Linux

Adobe Flash Player 11.2.202.468
and earlier versions for Linux

AIR Desktop Runtime 18.0.0.144
and earlier versions for Windows and Macintosh

AIR SDK 18.0.0.144 and earlier
versions for Windows, Macintosh, Android and iOS

CVE-2015-5119 - Use-after-free in the
ByteArray assignation operatorCVE-2015-3128 - Use after free vulnerability
in Flash when a text field that was added to a movie clip is deleted by an
implementation of valueOf() or toString() in a custom object.CVE-2015-3127 - Use after free vulnerability
in Flash when a SharedObject is used as part of the ArrayCVE-2015-3119 - Type Confusion vulnerability
in NetConnection with __proto__CVE-2015-3118 - Use after free vulnerability
when setting TextField.filtersCVE-2014-0578 - Same origin policy bypass that
can lead to cross-site information disclosuresCVE-2015-3121 - The data member of the
SharedObject has Type Confusion vulnerability

Description:
Adobe has released security updates for Adobe Flash Player for Windows,
Macintosh and Linux. These updates address vulnerabilities that could
potentially allow an attacker to take control of the affected system.

Description:
Remote code execution vulnerabilities exist in Microsoft Office software when
the Office software fails to properly handle objects in memory. Exploitation of
these vulnerabilities requires that a user open a specially crafted file with
an affected version of Microsoft Office software. In an email attack scenario
an attacker could exploit the vulnerabilities by sending the specially crafted
file to the user and convincing the user to open the file. In a web-based
attack scenario an attacker could host a website (or leverage a compromised
website that accepts or hosts user-provided content) that contains a specially
crafted file that is designed to exploit the vulnerabilities.

Description:
Remote code execution vulnerabilities exist when Internet Explorer improperly
accesses objects in memory. These vulnerabilities could corrupt memory in such
a way that an attacker could execute arbitrary code in the context of the
current user.

Description:
An elevation of privilege vulnerability exists in Adobe Type Manager Font
Driver (ATMFD) when it fails to properly handle objects in memory. An attacker
who successfully exploited this vulnerability could execute arbitrary code and
take complete control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full user
rights. www.wecloud.cominfo@wecloud.com